On 26/08 17:42, Adam D. Barratt wrote:
> Our tooling has highlighted a dependency issue. I've not had chance to
> check if it already existed in the earlier package, but:
>
> unsat-dependency: python-cryptography (< 1.6)
>
> stretch has python-cryptography 1.7.1
This is a regression somewhere in the build process; 0.18.2-6 in stretch
currently has (sorted alphabetically for easier reading):
Depends:
python-backports.ssl-match-hostname,
python-blinker (<< 1.5),
python-brotli (>= 0.5.1),
python-certifi,
python-click,
python-configargparse (>= 0.10),
python-construct (>= 2.5.2),
python-cryptography (>= 1.3),
python-cssutils (<< 1.1),
python-flask (>= 0.10.1),
python-h2 (>= 2.4.1),
python-hpack,
python-html2text (>= 2016.1.8),
python-hyperframe (<< 5),
python-jsbeautifier (>= 1.6.3),
python-lxml (>= 3.5.0),
python-openssl (>= 16.0),
python-passlib (>= 1.6.5),
python-pil (>= 3.2),
python-pyasn1 (>= 0.1.9),
python-pyparsing (>= 2.1.3),
python-pyperclip,
python-requests (>= 2.9.1),
python-six (>= 1.10),
python-tornado (>= 4.3),
python-typing
python-urwid (>= 1.3.1),
python-watchdog (>= 0.8.3),
python:any (<< 2.8),
python:any (>= 2.7.5-5~),
0.18.2-6+deb9u1 has:
Depends:
python-backports.ssl-match-hostname,
python-blinker (<< 1.5),
python-brotli (>= 0.5.1),
python-certifi,
python-click,
python-configargparse (>= 0.10),
python-construct (>= 2.5.2),
python-cryptography (<< 1.6),
python-cryptography (>= 1.3),
python-cssutils (<< 1.1),
python-flask (<< 0.12),
python-flask (>= 0.10.1),
python-h2 (>= 2.4.1),
python-hpack,
python-html2text (>= 2016.1.8),
python-hyperframe (<< 5),
python-jsbeautifier (>= 1.6.3),
python-lxml (>= 3.5.0),
python-openssl (>= 16.0),
python-passlib (>= 1.6.5),
python-pil (>= 3.2),
python-pyasn1 (<< 0.2),
python-pyasn1 (>= 0.1.9),
python-pyparsing (>= 2.1.3),
python-pyperclip,
python-requests (>= 2.9.1),
python-six (<< 1.11),
python-six (>= 1.10),
python-tornado (>= 4.3),
python-typing
python-urwid (>= 1.3.1),
python-watchdog (>= 0.8.3),
python:any (<< 2.8),
python:any (>= 2.7.5-5~),
At this point I'm not sure what part of the build chain is adding back
all the "python foo (<< .n.m)" (obviously during the expansion of
${python:Depends}, and by looking at setup.py), even though python-foo
is already explicitly listed in debian/control's Depends field.
Even more confusing to me right now is that the whole point of 0.18.2-6
was indeed to *remove* all those upper-bound dependencies:
- https://bugs.debian.org/848562
-
https://salsa.debian.org/debian/mitmproxy/commit/4c238cb3549b9bf5e7b01a9c287eb2428a7134d2
And obviously at the time it worked, because 0.18.6-2 is indeed
"correct".
Cheers,
--
Seb
